On Thu, Oct 8, 2015 at 9:45 PM, Mike Shal <[email protected]> wrote:

> On Thu, Oct 1, 2015 at 1:14 PM, Mike Shal <[email protected]> wrote:
>
>> On Thu, Oct 1, 2015 at 1:03 PM, Freddie Chopin <[email protected]> wrote:
>>
>>> On Thursday 01 of October 2015 12:55:49 Mike Shal wrote:
>>> > Well I was wondering if it makes sense to only support the normal paths
>>> > where namespacing is enabled, so I could get rid of the ^c flag and suid &
>>> > privilege dropping code.
>>>
>>> I hope you won't disable that any time soon (; This is very useful and the
>>> user namespaces path doesn't seem to be a universal solution...
>>
>> Okie, good to know. I'll try to fix up the patch so that it's an
>> alternate path rather than a replacement, which can be used by default for
>> kernels that support it. Maybe it can just spit out a warning if your
>> kernel doesn't support it and not running in a chroot that you'll have
>> .tup/mnt paths.
>
> Alrighty, the 'unshare' branch has been updated. Can you give it a try
> again and let me know how it works? I've tested it in my arch VM, both with
> tup marked suid root and without, and it seems to work.
>
> This changes the behavior of the ^c-flag and the default tup environment
> slightly. Now if tup has the suid bit set, or if it has user namespaces
> available, it will always mount the fuse filesystem in a new namespace so
> that the sub-processes don't ever see the .tup/mnt directory, even if you
> don't have the ^c flag set. So things like gcc with --coverage should work
> out of the box.
>
> However, if tup isn't suid and user namespaces aren't available, you'll
> see a warning when running tup that you're running in a degraded mode:
>
>     tup warning: unshare(CLONE_NEWUSER) failed, and tup is not privileged.
>     Subprocesses will have '.tup/mnt' paths for the current working directory
>     and some dependencies may be missed.
>
> Using the ^c flag means those commands will just fail outright if running
> in this degraded mode. It no longer forces a chroot, since that shouldn't
> change the output of the program anymore.
>
> Let me know what you guys think!
>
> (Also this branch doesn't work on OSX yet, but I'll obviously fix that
> before merging to master).

I've merged this to master. Let me know if there are any issues!
-Mike
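
The mode selection described in the message above, as an added example that is not tup's code and not part of the original thread: it probes unshare(CLONE_NEWUSER) in a forked child and picks between a private namespace, the suid path, and the degraded mode where ^c commands are refused. The function names, the enum and the order in which the two mechanisms are tried are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000 /* value from the Linux UAPI headers */
#endif

/* Hypothetical names; tup's real code is not shown in the thread. */
enum mount_mode { MODE_USERNS, MODE_SUID, MODE_DEGRADED, MODE_REFUSE };

/* Probe in a forked child so a successful unshare() does not move the
 * calling process into a new user namespace. Returns 1, 0, or -1. */
int userns_available(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(syscall(SYS_unshare, CLONE_NEWUSER) == 0 ? 0 : 1);
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* Private namespace if either mechanism exists (user namespaces tried
 * first: an assumption); otherwise degraded, where a command carrying
 * the ^c flag is refused outright instead of seeing .tup/mnt paths. */
enum mount_mode select_mode(int userns_ok, uid_t euid, int c_flag)
{
    if (userns_ok > 0)
        return MODE_USERNS;
    if (euid == 0)
        return MODE_SUID;
    return c_flag ? MODE_REFUSE : MODE_DEGRADED;
}

int main(void)
{
    static const char *names[] = { "user namespace", "suid root",
                                   "degraded", "refuse (^c)" };
    int ok = userns_available();
    printf("userns probe:  %d\n", ok);
    printf("plain command: %s\n", names[select_mode(ok, geteuid(), 0)]);
    printf("^c command:    %s\n", names[select_mode(ok, geteuid(), 1)]);
    return 0;
}
```

A probe result of 0 on a recent kernel usually means unprivileged user namespaces are disabled by distribution policy or a container's seccomp profile, which is the case the warning in the message covers.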
